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METHOD TO PROVIDE GLOBAL SIGN-ON as the Open Horizon server to be installed and configured on 

FOR ODBC-BASED DATABASE the database server machine. However, it is desirable to have 

APPLICATIONS a global sign-on system that does not require any additional 

special client software to be installed and configured on the 

CROSS REFERENCE TO RELATED 5 client machine. It is also desirable to have a global sign-on 

APPLICATION system that does not require an additional server. 

The present application is ^ related to copending U.S. SUMMARY OF THE INVENTION 
patent application Sen No. 09/442,694 (entitled "Flexible 

Encryption Scheme for GSO Target Passwords") filed even The present invention provides a method in a data pro- 
date herewith. The above mentioned patent applications are 10 cessing system for managing multiple identities for a single 
assigned to the assignee of the present invention. The user. In a preferred embodiment, a request for content from 
content of the cross referenced copending application is a database, a service, or an application and a first user 
hereby incorporated herein by reference. identity entered by a user is received at a database server. 

Responsive to a determination that retrieval of the content 

BACKGROUND OF THE INVENTION ^ from the data base requires providing the database with user 

1. Technical Field information, the user's database identity or other informa- 
f-rm 4 . l4 ,i_cu* tion associated with the database is retrieved from a library 
T*e present invention relates to the field of computer f da(abase oQ fc q§0 server. The retrieved user 

software and, more particularly, to methods and apparatus to . . - . . _ , . . t . , . 

' . r ., . . Jy , tU t . • * identity mformation is then inserted into the request and the 

manage multiple user identities such that the user need only 20 { forwarded to the database, 

maintain a single user identity. 4 

2. Description of Related Art BRIEF DESCRIPTION OF THE DRAWINGS 
As computers have infiltrated society over the past several m , , . . _ . . 

decades and become more important in all aspects of mod- ^ n ™} Matures believed characteristic of the invention 

ern life, more and more confidential information has been 25 ™ set forth m „ lhe appended claims. The invention itself, 

stored on computer databases. However, computers and howcver ' «™ n as a P' eferr r ed of ^ rther ob J^' 

networks such as the Internet allow multitudes of users to tiv , es and advantages thereof, wiU best be understood by 

access databases. Many times multiple databases may be reference *> ' he followi u n g dela ' led Ascription of an illus- 

accessed via the same network, but not all users on the tratlve embodiment when read in conjunction with the 

network need or should have access to every database. 30 accompanying drawings, wherein: 

Therefore, security devices have been implemented to pre- FIG - 1 depicts a pictorial representation of a distributed 

vent unauthorized access to a database. data processing system in which the present invention may 

One method of preventing unauthorized access is to be implemented; 

require the user to provide user identification information to FIG- 2 depicts a block diagram of a data processing 

verify that that user is entitled to the information contained system which may be implemented as a server in accordance 

in the database. Thus, many database applications require a with the present invention; 

user to provide identification information, such as a user ID FIG. 3 depicts a block diagram of a data processing 

and password, in order to access a protected database. These system in which the present invention may be implemented; 

applications may have this information fixed within the 4Q FIG> 4 depicts a block diagram illustrating a prior art 

application (i.e., "hard coded"), the application may be ODBC architecture; 

configured with Ihe information or in some cases the nG 5 d ^ ' ^ d; illu8trating , software 

application may prompt the user for this mformation at run architecture in which , he presem may ^ imple . 

ime ' mented; and 

However, databases are not the only computer resources 4<; uin , A . . fl . . , .. ftU 

. , . , . J . c * . 45 FIG. 6 depicts a flowchart illustrating the processes of the 

requiring a user to provide identifymg information. Other . . 1 & r 

. « * 1 1 present invention, 

resources such as servers and networks may also require r 

users to provide identifying information. Because different DETAILED DESCRIPTION OF THE 

resources have different security requirements and because PREFERRED EMBODIMENT 
some resources assign identities rather than allowing a user 50 

to choose, many users may have multiple identities depend- With reference now to the figures, and in particular with 

ing on the particular resource that they are accessing. The reference to FIG. 1, a pictorial representation of a distributed 

database identity is yet another one that the user must data processing system is depicted in which the present 

maintain. invention may be implemented. 

Global Sign-on (GSO) technology attempts to manage 55 Distributed data processing system 100 is a network of 

this set of multiple identities on behalf of a user so that the computers in which the present invention may be imple- 

user only needs to maintain a single user identity. The user mented. Distributed data processing system 100 contains 

then allows the GSO to manage the other identities auto- network 102, which is the medium used to provide commu- 

matically whenever the user attempts to access a particular nications links between various devices and computers 

protected resource. 60 connected within distributed data processing system 100. 

Current versions of GSO use a product technology Network 102 may include permanent connections, such as 

referred to as Open Horizon to provide a single sign-on wire or fiber optic cables, or temporary connections made 

capability for databases. Open Horizon forwards all requests through telephone connections. 

through a DCE client RPC mechanism to an Open Horizon In the depicted example, server 104 is connected to 

server. The actual database request is then issued by the 65 network 102, along with storage unit 106. In addition, clients 

Open Horizon server. This technique requires a DCE client 108, 110 and 112 are also connected to network 102. These 

to be installed and configured on the client machine as well clients, 108, 110 and 112, may be, for example, personal 
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computers or network computers. For purposes of this 
application, a network computer is any computer coupled to 
a network which receives a program or other application 
from another computer coupled to the network. In the 
depicted example, server 104 provides data, such as boot 5 
files, operating system images and applications, to clients 
108-112. Clients 108, 110 and 112 are clients to server 104. 
Distributed data processing system 100 may include addi- 
tional servers, clients, and other devices not shown. Distrib- 
uted data processing system 100 also includes printers 114, 10 
116 and 118. A client, such as client 110, may print directly 
to printer 114. Clients such as client 108 and client 112 do 
not have directly attached printers. These clients may print 
to printer 116, which is attached to server 104, or to printer 
118, which is a network printer that does not require 15 
connection to a computer for printing documents. Client 
110, alternatively, may print to printer 116 or printer 118, 
depending on the printer type and the document require- 
ments. 

In the depicted example, distributed data processing sys- 20 
tern 100 is the Internet, with network 102 representing a 
worldwide collection of networks and gateways that use the 
TCP/IP suite of protocols to communicate with one another. 
At the heart of the Internet is a backbone of high-speed data 
communication lines between major nodes or host comput- 25 
ers consisting of thousands of commercial, government, 
education, and other computer systems that route data and 
messages. Of course, distributed data processing system 100 
also may be implemented as a number of different types of 
networks such as, for example, an intranet or a local area 30 
network. 

FIG. 1 is intended as an example and not as an architec- 
tural limitation for the processes of the present invention. 

Referring to FIG. 2, a block diagram of a data processing ^ 
system which may be implemented as a server, such as 
server 104 in FIG. 1, is depicted in accordance with the 
present invention. Data processing system 200 may be a 
symmetric multiprocessor (SMP) system including a plural- 
ity of processors 202 and 204 connected to system bus 206. 4Q 
Alternatively, a single processor system may be employed. 
Also connected to system bus 206 is memory controller/ 
cache 208, which provides an interface to local memory 209. 
I/O bus bridge 210 is connected to system bus 206 and 
provides an interface to I/O bus 212. Memory controller/ 45 
cache 208 and I/O bus bridge 210 may be integrated as 
depicted. 

Peripheral component interconnect (PCI) bus bridge 214 
connected to I/O bus 212 provides an interface to PCI local 
bus 216. A number of modems 218-220 may be connected 
to PCI bus 216. Typical PCI bus implementations will 
support four PCI expansion slots or add-in connectors. 
Communications links to network computers 108-112 in 
FIG. 1 may be provided through modem 218 and network 
adapter 220 connected to PCI local bus 216 through add-in 55 
boards. 

Additional PCI bus bridges 222 and 224 provide inter- 
faces for additional PCI buses 226 and 228, from which 
additional modems or network adapters may be supported. 
In this manner, server 200 allows connections to multiple go 
network computers. A memory mapped graphics adapter 
230 and hard disk 232 may also be connected to I/O bus 212 
as depicted, either directly or indirectly. 

Those of ordinary skill in the art will appreciate that the 
hardware depicted in FIG. 2 may vary. For example, other 65 
peripheral devices, such as optical disk drives and the like, 
also may be used in addition to or in place of the hardware 
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depicted. The depicted example is not meant to imply 
architectural limitations with respect to the present inven- 
tion. 

The data processing system depicted in FIG. 2 may be, for 
example, an Intel system running a Windows NT operating 
system. 

With reference now to FIG. 3, a block diagram of a data 
processing system in which the present invention may be 
implemented is illustrated. Data processing system 300 is an 
example of a client computer. Data processing system 300 
employs a peripheral component interconnect (PCI) local 
bus architecture. Although the depicted example employs a 
PCI bus, other bus architectures, such as Micro Channel and 
ISA, may be used. Processor 302 and main memory 304 are 
connected to PCI local bus 306 through PCI bridge 308. PCI 
bridge 308 may also include an integrated memory control- 
ler and cache memory for processor 302. Additional con- 
nections to PCI local bus 306 may be made through direct 
component interconnection or through add-in boards. In the 
depicted example, local area network (LAN) adapter 310, 
SCSI host bus adapter 312, and expansion bus interface 314 
are connected to PCI local bus 306 by direct component 
connection. In contrast, audio adapter 316, graphics adapter 
318, and audio/video adapter (A/V) 319 are connected to 
PCI local bus 306 by add-in boards inserted into expansion 
slots. Expansion bus interface 314 provides a connection for 
a keyboard and mouse adapter 320, modem 322, and addi- 
tional memory 324. In the depicted example, SCSI host bus 
adapter 312 provides a connection for hard disk drive 326, 
tape drive 328, CD-ROM drive 330, and digital video disc 
read only memory drive (DVD-ROM) 332. Typical PCI 
local bus implementations will support three or four PCI 
expansion slots or add-in connectors. 

An operating system runs on processor 302 and is used to 
coordinate and provide control of various components 
within data processing system 300 in FIG. 3. The operating 
system may be a commercially available operating system, 
such as OS/2, which is available from International Business 
Machines Corporation. "OS/2" is a trademark of Interna- 
tional Business Machines Corporation. An object oriented 
programming system, such as Java, may run in conjunction 
with the operating system, providing calls to the operating 
system from Java programs or applications executing on 
data processing system 300. Instructions for the operating 
system, the object-oriented operating system, and applica- 
tions or programs are located on a storage device, such as 
hard disk drive 326, and may be loaded into main memory 
304 for execution by processor 302. 

Those of ordinary skill in the art will appreciate that the 
hardware in FIG. 3 may vary depending on the implemen- 
tation. For example, other peripheral devices, such as optical 
disk drives and the like, may be used in addition to or in 
place of the hardware depicted in FIG. 3. The depicted 
example is not meant to imply architectural limitations with 
respect to the present invention. For example, the processes 
of the present invention may be applied to multiprocessor 
data processing systems. 

Turning now to FIG. 4, a block diagram illustrating a prior 
art Open Database Connectivity (ODBC) architecture is 
depicted. ODBC architecture provides an abstraction called 
a data source that encapsulates a server, database name, 
schema, network library, and other information for linking a 
client application with data. ODBC supports transaction 
commit and rollback, asynchronous processing, an option to 
cancel a query, stored procedures, primary and foreign keys, 
and five levels of transaction isolation. 
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A database application 402, which may reside on a client 
such as client 300, is connected through a network, such as 
network 100, to ODBC Driver Manager Dynamic Link 
Library (DLL) 406 via ODBC Application Programming 
Interface (API) 404. ODBC Driver Manager DLL 406 sits at 5 
a layer above Loadable Drivers 410 and 412. ODBC Driver 
Manager DLL 406 loads and unloads drivers 410 and 412, 
performs status checking, and manages multiple connections 
between applications and data sources. Loadable Drivers 
410 and 412 may be single- or multiple-tier drivers. Single- 
tier drivers sit directly above a data source and process 
ODBC calls and Structure Query Language (SQL) state- 
ments. Multiple-tier drivers process the function calls and 
pass the SQL request to a server for processing. ODBC 
Driver Manager DLL 406 processes some ODBC calls 
without calling a driver. 15 

ODBC Driver Manager DLL 406 processes the function 
calls from database application 402 and directs them to the 
appropriate one of loadable drivers 410 and 412 via ODBC 
Driver API 408. Loadable drivers 410 and 412 map the 
ODBC functions into calls to a library of proprietary func- 20 
tions contained in database proprietary protocols database 
414. 

In implementing a call to a database under this system, a 
user must enter user identification information for each 
database, application, or service that requires this informa- 25 
tion in order to process a request. Often, the user identifi- 
cation information is different for each entity, thus, a user 
must remember and enter multiple sets of user identification 
information during a computing session. 

Referring now to FIG. 5, a block diagram illustrating a 30 
software architecture in which the present invention may be 
implemented is depicted. By using this software 
architecture, a user may retrieve documents, applications, 
and other services by using a single main user identity or 
"logon". The user is not require to remember or enter any 35 
other user identities that may be required to access any of the 
multiple applications or databases that utilize different user 
identities than the main user identity. Such other identities 
arc stored, retrieved and sent to the appropriate objects at 
appropriate times automatically using the method and sys- 40 
tern of the present invention. 

In a preferred embodiment of the present invention, a 
Global Sign-on (GSO) database interface DLL 506 is placed 
between the Open Database Connectivity (ODBC) Applica- 
tion Program Interface (API) dynamic fink library (DLL) 45 
512 and database application 502. GSO database interface 
DLL 512 is a shared library that database application 502 
uses to process ODBC requests. An ODBC API is an 
application programming interface that can operate with 
heterogeneous databases without requiring source code 50 
changes. Typically, database application 502 will be located 
on a client machine such as data processing system 300 
which will be connected to GSO database interface DLL 506 
via ODBC API 504 by way of a network such as network 
100. GSO database interface DLL 506 is typically located on 55 
the same client machine as database application 502. 
Alternatively, GSO database interface DLL 506 could be 
located on a separate server using network sharing 
capability, but this is less typical. 

When GSO database interface DLL 506 receives an API 60 
request from database application 502 via ODBC API 504, 
which requires a user identity, GSO database interface DLL 
506 accesses GSO database 508 to retrieve the user's 
database identity and inserts it into the database request. 
GSO database interface DLL 506 forwards the database 65 
request to ODBC Driver Manager DLL 512 through ODBC 
API 510. 



For normal API requests which do not require a user's 
identity, GSO database interface DLL 506 forwards these 
requests to ODBC Driver Manager DLL 512 unchanged. 
Results from ODBC Driver Manager DLL 512 are returned 
to database application 502 normally. In this manner, GSO 
database interface DLL is transparent to database applica- 
tion 502 and yet the user's identity is automatically filled in 
on behalf of the user whenever the user executes a database 
application. 

ODBC Driver Manager DLL 512 fields the database 
request (or call) from database application 502. ODBC 
Driver Manager DLL 512 sits at a layer above loadable 
drivers 516, 518 and loads and unloads drivers 516, 518 
through ODBC Driver API 514, performs status checking, 
and manages multiple connections between applications and 
data sources. Loadable drivers 516, 518 may be single-or 
multiple-tier drivers. Single tier drivers sit directly above a 
data source and process ODBC calls and the structured 
query language (SQL) statements. Multiple-tier drivers pro- 
cess the function calls and pass the SQL request to a server 
for processing. Driver Manager 512 fields and processes 
some ODBC calls without calling a driver. 

In either scenario (single- or multiple-tier), ODBC Driver 
Manager DLL 512 processes the function calls of database 
application 502 and directs them to the appropriate one of 
loadable drivers 516, 518. Loadable drivers 516, 518 map 
the ODBC functions into calls to a library of proprietary 
functions or database proprietary protocols 520. Database 
522 receives the request, retrieves the appropriate content 
and sends it back to database application 502. 

GSO database interface DLL 506 provides an identical set 
of APIs as ODBC Driver Manager DLL 512 so that database 
application 502 works normally. The APIs provided by GSO 
database interface DLL 506 have the same signature and 
ordinals. GSO database interface DLL 506 dynamically 
loads the "real" ODBC API DLL 512 so that its use is 
completely transparent to database application 502. GSO 
database interface DLL 506 has the same name as ODBC 
DLL 512. Database application 502 can continue to use 
either run time linking or load time linking to access GSO 
database interface DLL 506. When GSO database interface 
DLL 506 is installed and configured, it ensures that the 
operating system will resolve links to the ODBC DLL 512 
to it first. It does this by updating PATH to point to GSO 
database interface DLL 506 first, before the real ODBC DLL 
512 routine or by moving the ODBC DLL 512 to another 
location. GSO database interface DLL 506 is also configured 
to know where the "real" ODBC DLL 512 is located so that 
it can load it at run time. 

Turning now to FIG. 6, a flowchart illustrating the pro- 
cesses of the present invention is depicted. To start, an 
application requests content from a database (step 602). The 
GSO database interface DLL intercepts the request and 
determines whether the request requires a user identity to 
access the information in the database (step 604). If the user 
identity is required to access the information in the database, 
then the GSO database interface DLL retrieves the identity 
information from the GSO database of user identities (step 
606) and inserts this user identity into the request (step 608). 
Next, the GSO database interface DLL forwards the request 
to the ODBC Driver Manager DLL (step 610). The database 
containing the requested information is accessed and the 
data retrieved (step 612). The requested data is then returned 
to the requesting application (step 614). 

If the request does not require a user identity to access 
information in the database, then the request is forwarded 
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unmodified to the ODBC Driver Manager DLL (step 610), 
which then accesses the database and retrieves the requested 
data (step 612). The requested data is then returned to the 
requesting application (step 614). 

Although the present invention has been described pri- 5 
marily with reference to database applications that utilize the 
Open Database Connectivity (ODBC) database API to 
access the database, the same technique could be used for 
any API that an application uses to access a database, such 
as, for example, the Java JDBC interface. 10 

It is important to note that while the present invention has 
been described in the context of a fully functioning data 
processing system, those of ordinary skill in the art will 
appreciate that the processes of the present invention are 
capable of being distributed in the form of a computer 15 
readable medium of instructions and a variety of forms and 
that the present invention applies equally regardless of the 
particular type of signal bearing media actually used to carry 
out the distribution. Examples of computer readable media 
include recordable-type media such a floppy disc, a hard 20 
disk drive, a RAM, and CD-ROMs and transmission-type 
media such as digital and analog communications links. 

The description of the present invention has been pre- 
sented for purposes of illustration and description, but is not 25 
intended to be exhaustive or limited to the invention in the 
form disclosed. Many modifications and variations will be 
apparent to those of ordinary skill in the art. The embodi- 
ment was chosen and described in order to best explain the 
principles of the invention, the practical application, and to 3Q 
enable others of ordinary skill in the art to understand the 
invention for various embodiments with various modifica- 
tions as are suited to the particular use contemplated. 

What is claimed is: 

1. A method in a data processing system for managing 35 
multiple identities for a user, the steps comprising: 

receiving a request for content from a database; 

responsive to a determination that retrieval of said content 
from said database requires providing said database 
with user identification information, retrieving a data- 40 
base identity from a plurality of database identities, 
wherein the retrieved database identity corresponds to 
the user; 

inserting the retrieved database identity into said request; 
retrieving said requested content from said database; and 45 
sending said requested content to a requesting client. 

2. The method as recited in claim 1, wherein the retrieved 
database identity comprises a user ID. 

3. The method as recited in claim 1, wherein the retrieved 5Q 
database identity comprises a password. 

4. The method as recited in claim 1, wherein said retriev- 
ing step and said inserting step is performed by a global 
sign-on database interface dynamic link library. 

5. The method as recited in claim 1, further comprising: 55 
responsive to a determination that user identification 

information is not necessary to retrieve said content, 
forwarding said request to said database unmodified. 

6. A method in a data processing system for managing 
multiple identities for a user, the steps comprising: 6Q 

receiving a request for content from a database; 

responsive to a determination that retrieval of said content 
from said database requires providing said database 
with user identification information, retrieving a data- 
base identity from a plurality of database identities, 65 
wherein the retrieved database identity corresponds to 
the user; and 
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inserting the retrieved database identity into said request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is an open data- 
base connectivity based application. 

7. A method in a data processing system for managing 
multiple identities for a user, the steps comprising: 

receiving a request for content from a database; 

responsive to a determination that retrieval of said content 
from said database requires providing said database 
with user identification information, retrieving a data- 
base identity from a plurality of database identities, 
wherein the retrieved database identity corresponds to 
the user; and 

inserting the retrieved database identity into said request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is a JAVA data- 
base connectivity based application. 

8. A computer program product on a computer useable 
medium, for use in a data processing system for managing 
multiple identities for a single user, the computer program 
product comprising: 

first instructions for receiving a request for content from 
a database; 

second instructions, responsive to a determination that 
retrieval of said content from said database requires 
providing said database with user identification 
information, for retrieving a database identity from a 
plurality of database identities, wherein the retrieved 
database identity corresponds to the user; 

third instructions for inserting the retrieved database 
identity into said request; 

fourth instructions for retrieving said requested content 
from said database; and 

fifth instructions for sending said requested content to a 
requesting client. 

9. The computer program product as recited in claim 8, 
wherein the retrieved database identity comprises a user ID. 

10. The computer program product as recited in claim 8, 
wherein the retrieved database identity comprises a pass- 
word. 

11. The computer program product as recited in claim 8, 
wherein said retrieving step and said inserting step is per- 
formed by a global sign -on database interface dynamic link 
library. 

12. The computer program product as recited in claim 8, 
further comprising: 

responsive to a determination that user identification 
information is not necessary to retrieve said content, 
forwarding said request to said database unmodified. 

13. A computer program product on a computer useable 
medium, for use in a data processing system for managing 
multiple identities for a single user, the computer program 
product comprising: 

first instructions for receiving a request for content from 
a database; 

second instructions, responsive to a determination that 
retrieval of said content from said database requires 
providing said database with user identification 
information, for retrieving a database identity from a 
plurality of database identities, wherein the retrieved 
database identity corresponds to the user; and 

third instructions for inserting the retrieved database 
identity into said request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is an open data- 
base connectivity based application. 
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14. A computer program product on a computer useable 
medium, for use in a data processing system for managing 
multiple identities for a single user, the computer program 
product comprising: 

first instructions for receiving a request for content from 
a database; 

second instructions, responsive to a determination that 
retrieval of said content from said database requires 
providing said database with user identification 
information, for retrieving a database identity from a 
plurality of database identities, wherein the retrieved 
database identity corresponds to the user; and 

third instructions for inserting the retrieved database 
identity into said request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is a JAVA data- 
base connectivity based application. 

15. An information handling system, comprising: 

a library, containing a plurality of database identities; 
a protected database, wherein user information must be 

provided to access said protected database; 
means for receiving a request from a user for content from 

said protected database; 
means for retrieving a particular database identity from 

said library, wherein said particular database identity 

corresponds to the user; 
means for inserting the particular database identity into 

the request; 

means for retrieving said requested content from said 
database; and 

means for sending said requested content to a requesting 
client. 

16. The information handling system as recited in claim 
15, wherein the retrieved database identity comprises a user 
ID. 

17. The information handling system as recited in claim 
15, wherein the retrieved database identity comprises a 
password. 
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18. The information handling system as recited in claim 
15, wherein said retrieving step and said inserting step is 
performed by a global sign-on database interface dynamic 
link library. 

5 19. The information handling system as recited in claim 
15, further comprising: 
responsive to a determination that user identification 
information is not necessary to retrieve said content, 
forwarding said request to said database unmodified. 
10 20. An information handling system, comprising: 

a library, containing a plurality of database identities; 
a protected database, wherein user information must be 

provided to access said protected database; 
means for receiving a request from a user for content from 
15 said protected database; 

means for retrieving a particular database identity from 
said library, wherein said particular database identity 
corresponds to the user; and 
2Q means for inserting the particular database identity into 
the request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is an open data- 
base connectivity based application. 
25 21. An information handling system, comprising: 

a library, containing a plurality of database identities; 

a protected database, wherein user information must be 
provided to access said protected database; 

means for receiving a request from a user for content from 
30 said protected database; 

means for retrieving a particular database identity from 
said library, wherein said particular database identity 
corresponds to the user; and 

means for inserting the particular database identity into 
35 the request; 

wherein said request is received from a requesting appli- 
cation and said requesting application is a JAVA data- 
base connectivity based application. 

***** 
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